Re: hosts.deny not working
- From: Darren Salt <news@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 04 Sep 2005 16:06:33 +0100
I demand that Paul Martin may or may not have written...
> In article <4D9E8B1D20%news@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
> Darren Salt wrote:
>> I demand that postmaster may or may not have written...
>> [snip]
>>> It *is* possible to frig your hosts file to redirect connections intended
>>> for those banner servers, but since I also run apache here my webserver
>>> will get hammered by unnecessary connections, rather than squid block
>>> outgoing ones.
>> Redirect them to 192.0.2.1.
>> (I do this via a combination of squid and DNS.)
> A better address might be 255.255.255.254 (it gets "invalid argument" error
> on connection). The other has to wait for a connection timeout.

What's true of Linux isn't necessarily true of other OSes: you may still need
firewall rules to ensure that packets destined for 255.255.255.254 are
rejected. (Trying that address on my Risc PC and without appropriate rules, I
get a timeout.)

Rules such as these may be useful:

  # packets from this machine
  iptables -A OUTPUT -d 192.0.2.0/24 -j REJECT --reject-with icmp-net-prohibited
  # packets from other machines
  iptables -A FORWARD -d 192.0.2.0/24 -j REJECT --reject-with icmp-net-prohibited

--
| Darren Salt | d youmustbejoking,demon,co,uk | nr. Ashington,
| Debian, | s zap,tartarus,org | Northumberland
| RISC OS | @ | Toon Army
| <URL:http://www.youmustbejoking.demon.co.uk/> (PGP 2.6, GPG keys)
A feature is a bug with seniority.
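
Added example, not part of the original post: a small Python probe for the question the thread turns on, whether a connect to the chosen sink address fails at once or sits waiting for a timeout on a given machine. The function names, port 80 and the 3-second timeout are assumptions made for the example.

```python
import errno
import socket
import time


def probe(addr, port=80, timeout=3.0):
    """Try a TCP connect; return (outcome, errno_name, seconds_taken)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    start = time.monotonic()
    try:
        s.connect((addr, port))
        outcome, name = "connected", None
    except (socket.timeout, TimeoutError):
        # No answer at all: the client stalls for the full timeout.
        outcome, name = "timeout", None
    except OSError as e:
        # The stack or a firewall REJECT answered straight away.
        outcome, name = "fast-fail", errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()
    return outcome, name, time.monotonic() - start


def sink_ok(outcome):
    """A sink address is doing its job only if connects fail immediately."""
    return outcome == "fast-fail"


if __name__ == "__main__":
    # The two candidate addresses mentioned in the thread.
    for addr in ("192.0.2.1", "255.255.255.254"):
        outcome, name, secs = probe(addr)
        verdict = "ok" if sink_ok(outcome) else "needs a REJECT rule"
        print(f"{addr}: {outcome} {name or ''} after {secs:.2f}s -> {verdict}")
```

Run it before and after adding the REJECT rules; the result is specific to the OS and firewall of the machine it runs on.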